public inbox for linux-kernel@vger.kernel.org
From: Olaf Dabrunz <od@suse.de>
To: Linux kernel list <linux-kernel@vger.kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>
Subject: Re: [Patch] TIOCCONS security
Date: Wed, 25 Aug 2004 18:18:37 +0200
Message-ID: <20040825161837.GB21687@suse.de>
In-Reply-To: <20040825161630.B8896@infradead.org>

On 25-Aug-04, Christoph Hellwig wrote:
> On Wed, Aug 25, 2004 at 04:15:04PM +0100, Christoph Hellwig wrote:
> > > Still, I believe that administrators and operators would not like any
> > > user to be able to hijack messages that were written to the console.
> > > 
> > > The only user of TIOCCONS that I am aware of is bootlogd/blogd, which
> > > runs as root. Please comment if there are other users.
> > 
> > Oh, come on.  Do your basic research - this has been rejected a few times
> > and there have been better proposals.  Just use Google a little bit.
> 
> Umm, I'm smoking crack.  Sorry, for some reason I took this for another
> TIOCGDEV submission without reading.

(Don't do this to me. ;))

BTW, I found that xterm -C is using this. xterm(1x) is misleading
though because it states that /dev/console must belong to the user of
xterm -C. I did not do a thorough check, but since the availability of
the "-C" option depends on TIOCCONS (or SRIOCSREDIR) being available,
this should work without /dev/console belonging to the user of TIOCCONS.

Anyway, there are other ways to read log messages from X. One is to use
xconsole on /dev/xconsole and have syslogd provide filtered messages to
/dev/xconsole.

Changing the ownership on /dev/console causes security problems (that
user can usually access the current virtual terminal anytime, and the
current one may not belong to him). This does not happen with
/dev/xconsole, so it is possible to change the ownership of
/dev/xconsole to the first local X user.

While /dev/xconsole may not be the same as /dev/console, e.g. boot
script messages do go to the console (that's why bootlogd uses
TIOCCONS), it seems to be the best bet so far. It may even be possible
to pipe boot messages to /dev/xconsole.

The bottom line is that I do not see why normal users should be able to
use TIOCCONS. Hijacking console output is a security problem, which was
found quite some time ago on SunOS as well
(http://www.cert.org/advisories/CA-1990-12.html).

-- 
Olaf Dabrunz (od/odabrunz), SUSE Linux AG, Nürnberg
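
The ownership reasoning in the message above, as a check an administrator could run. This is an added example, not part of the original mail or of any patch in this thread: it flags a /dev/console that is not a root-owned character device, and a /dev/xconsole that is not a FIFO owned by root or the local X user. The policy, the function names and the assumption that /dev/xconsole is a named pipe are this example's own.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Finding bits; the policy they encode is an assumption of this example. */
enum {
    F_CONSOLE_NOT_CHARDEV   = 1 << 0,
    F_CONSOLE_OWNER         = 1 << 1, /* non-root owner can reach the current VT */
    F_CONSOLE_OTHER_ACCESS  = 1 << 2,
    F_XCONSOLE_NOT_FIFO     = 1 << 3,
    F_XCONSOLE_OWNER        = 1 << 4,
    F_XCONSOLE_OTHER_ACCESS = 1 << 5
};

/* /dev/console: root-owned character device, no read/write for "other". */
unsigned audit_console(const struct stat *st)
{
    unsigned f = 0;
    if (!S_ISCHR(st->st_mode))             f |= F_CONSOLE_NOT_CHARDEV;
    if (st->st_uid != 0)                   f |= F_CONSOLE_OWNER;
    if (st->st_mode & (S_IROTH | S_IWOTH)) f |= F_CONSOLE_OTHER_ACCESS;
    return f;
}

/* /dev/xconsole: FIFO fed by syslogd; owner may be root or the local X user. */
unsigned audit_xconsole(const struct stat *st, uid_t x_user)
{
    unsigned f = 0;
    if (!S_ISFIFO(st->st_mode))                  f |= F_XCONSOLE_NOT_FIFO;
    if (st->st_uid != 0 && st->st_uid != x_user) f |= F_XCONSOLE_OWNER;
    if (st->st_mode & (S_IROTH | S_IWOTH))       f |= F_XCONSOLE_OTHER_ACCESS;
    return f;
}

int main(int argc, char **argv)
{
    /* argv[1]: uid of the local X user (hypothetical input, defaults to root). */
    uid_t x_user = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 0;
    struct stat st;
    unsigned total = 0;
    if (stat("/dev/console", &st) == 0)
        total |= audit_console(&st);
    if (stat("/dev/xconsole", &st) == 0)
        total |= audit_xconsole(&st, x_user);
    printf("findings=0x%x\n", total);
    return total ? 1 : 0;
}
```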

